nguyenvinht wrote: > Thanks for replying. > I want to implement this through RADIUS Server. > Looking for some code modification or new attributes to accomplish the task. > > Vinh. > > > tnt wrote: >> Allow everybody (who knows your secret) to use your radius server by >> entering 0.0.0.0/0 as client address in clents.conf. Use firewall to >> block access to radius ports for those specific IP addresses.
Allow everybody (who knows your secret) to use your radius server by entering 0.0.0.0/0 as client address in clents.conf. Enter naughty hosts in naughty huntgroup. Check for naughty huntgroup and reject. Huntgroups naughty Packet-Src-IP-Address == naughtyhostone.com naughty Packet-Src-IP-Address == 139.184.12.1 naughty Packet-Src-IP-Address == 127.0.0.1 Users DEFAULT Huntgroup-Name == "naughty", Auth-Type := Reject Apparently RFC states that server must respond ... so unless you use a firewall, naughty hosts will know the servers alive , and be able to flood it with lots of requests. Only way to get FreeRADIUS to be quiet is to modify the source. -- Arran Cudbard-Bell ([EMAIL PROTECTED]) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
